Leos Literak's questions

我已经生成了带有别名服务器和 IP 地址的主题备用名称的自签名证书。我已将证书导入 Windows 受信任的证书颁发机构。Chrome 接受来自 SAN 的 URL 证书，但拒绝主题中所述的 URL。

OpenSSL：

openssl req -x509 -newkey rsa:4096 -sha256 -days 999 -nodes \
-keyout nginx.key -out nginx.crt  -subj '/CN=www.X.eu' \
-extensions san  \
-config <(echo '[req]'; echo 'distinguished_name=req'; echo '[san]'; echo 'subjectAltName=DNS:X.eu,DNS:re1.X.eu,DNS:10.105.1.11')

证书：

Subject: CN = www.X.eu
Subject Alternative Name:
 DNS Name=sandbox.X.eu 
 DNS Name=re1.X.eu 
 DNS Name=10.105.1.11

此 URL 失败并显示“此站点缺少有效的受信任证书 (net::ERR_CERT_COMMON_NAME_INVALID)”。

https://www.X.eu/favicon.ico

Chrome 接受此网址：

https://re1.X.eu/favicon.ico

问题出在哪里？

我正在运行 CentOS 7.7，我想在具有自定义 www 和日志位置的自定义用户下运行 Nginx。我已经点击了 SELinux，所以我启用了我的自定义目录：

semanage permissive -a httpd_t # temporarily make SELinux permissive
semanage fcontext -a -t httpd_sys_content_t  '/opt/x/data/nginx(/.*)?'
restorecon -R -v /opt/x/data/nginx
semanage fcontext -a -t  httpd_log_t '/opt/x/log/nginx(/.*)?'
restorecon -R -v /opt/x/log/nginx

这是我的 nginx.conf：

user Xnginx Xgrp;
worker_processes auto;
error_log /opt/x/log/nginx/error.log;
pid /run/nginx.pid;

和目录权限：

ls -lZ /opt/X/log/
drwxrwxr-x. Xnginx Xgrp unconfined_u:object_r:httpd_log_t:s0 nginx

我开始 Nginx

systemctl start nginx

它给了

[root@RE1 nginx]# systemctl status nginx
nginx.service - The nginx HTTP and reverse proxy server
  Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
  Active: active (running) since Wed 2020-05-06 09:15:06 CEST; 12min ago
  Process: 109185 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 109182 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 109180 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
  Main PID: 109187 (nginx)
   CGroup: /system.slice/nginx.service
       ├─109187 nginx: master process /usr/sbin/nginx
       ├─109188 nginx: worker process
       ├─109189 nginx: worker process
       ├─109190 nginx: worker process
       └─109191 nginx: worker process

May 06 09:15:06 RE1 systemd[1]: Starting The nginx HTTP and reverse proxy server...
May 06 09:15:06 RE1 nginx[109182]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
May 06 09:15:06 RE1 nginx[109182]: nginx: configuration file /etc/nginx/nginx.conf test is successful
May 06 09:15:06 RE1 systemd[1]: Started The nginx HTTP and reverse proxy server.

我可以看到子进程在用户下运行，而主进程以 root 身份运行

1     0 109187      1  20   0 131148  2268 sigsus Ss   ?          0:00 nginx: master process /usr/sbin/nginx
5   603 109188 109187  20   0 133632  3544 ep_pol S    ?          0:00  \_ nginx: worker process
5   603 109189 109187  20   0 133632  3544 ep_pol S    ?          0:00  \_ nginx: worker process
5   603 109190 109187  20   0 133632  3544 ep_pol S    ?          0:00  \_ nginx: worker process
5   603 109191 109187  20   0 133632  3544 ep_pol S    ?          0:00  \_ nginx: worker process

最后是问题：

ls -lZ /opt/X/log/nginx/
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 access.log
-rw-r--r--. root root system_u:object_r:httpd_log_t:s0 error.log

这些文件应该归 Xnginx 所有，而不是 root。为什么？

我读过一些关于wifi 扩展器的文章。我不明白在信号已经很差（-70 dBm）的地方是否有意义。wifi扩展器的接收器是否比笔记本更灵敏？